AMENDMENTS TO THE CLAIMS
This listing of claims will replace all prior versions and listings of claims in the application. 
Listing of Claims: 

Claim 1 (Currently Amended): A method for secure communications between a client and
one of a plurality of servers performed on an intermediary device coupled to the client and said
plurality of servers, comprising:

(a) establishing an open communications session between the intermediary device
and the client via an open network;

(b) negotiating a secure communications session with the client;

(c) establishing an open communications session with said one of said plurality of
servers via a secure network;

(d) receiving encrypted data from the client via the secure communications session;

(e) decrypting encrypted application data;

(f) forwarding decrypted application data to the server via the secure network;

(g) receiving application data from the server via the secure network;

(h) encrypting the application data; and

(i) sending encrypted application data to the client;

wherein steps (e) and (f) are performed at the packet level of a network stack of the
intermediate device without processing the application data with an application layer of a
network stack.

Claim 2 (Original): The method of claim 1 wherein said step (a) comprises the sub steps of:
receiving a request for a communications session from the client;
responding to the request for a communications session in place of the server; and
establishing a secure communications session between the client and the intermediary
device.

Claim 3 (Original): The method of claim 2 wherein said step of (a) comprises receiving a TCP
SYN packet from a client and responding to the SYN packet with appropriate responses as a
proxy for the server.

Claim 4 (Original): The method of claim 1 wherein said step of negotiating a secure
communications session comprises negotiating an SSL session with the client in place of the
server.

Claim 5 (Currently Amended): The method of claim 1 further including the step:
receiving the application data as multi-segment records;

forwarding at least a portion of the decrypted application for each of the records prior to
receiving complete records;

discarding at least a portion of each of the records after forwarding; and
authenticating the decrypted application data of each data record using the remaining
non-discarded portion of the data record upon receiving a final segment of the multi-segment
record of authenticating decrypted application data.

Claim 6 (Original): The method of claim 1 wherein the step of forwarding decrypted 
application data to said one of said plurality of servers comprises forwarding unauthenticated 
application data. 

Claim 7 (Currently Amended): The method of claim 6 wherein said step of forwarding
unauthenticated application data includes the further, subsequent step of authenticating the data.

Claim 8 (Currently Amended): The method of claim 1 wherein, prior to said step of
establishing a communications session with one of said plurality of servers, the method includes
the step of:

selecting one of said plurality of servers to forward said decrypted authentication data to
based on a load balancing algorithm that calculates current processing loads associated with each
of the servers.

Claim 9 (Original): The method of claim 8 further including the step of:

tracking data passing between the client and said one of said plurality of servers.

Claim 10 (Original): The method of claim 9 wherein said step of tracking comprises:

establishing a session tracking database recording, for each session, a session ID, a TCP
sequence number and an SSL session number.

Claim 11 (Original): The method of claim 10 further including tracking, for each session, an
initialization vector.

Claim 12 (Currently Amended): An apparatus coupled to a public network and a secure
network, communicating with at least one client via the public network and communicating with 
one of a plurality of servers via the secure network, comprising: 

a network interface communicating with the public network and the secure network; 

at least one processor; 

programmable dynamic memory addressable by the processor; 

a communications channel coupling the processor, memory and network communications 
interface; 

a proxy TCP communications engine; 

a proxy SSL communications engine; 

a server TCP communications engine; and 

a packet data encryption and decryption engine;

wherein the proxy SSL communications engine and the server TCP communications
engine decrypt encrypted application data from the client and forward the decrypted application
data to the one of the plurality of servers without processing the application data with an
application layer of a network stack of the apparatus.

Claim 13 (Currently Amended): The apparatus of claim 12 wherein the further comprising a
negotiation manager that enables the apparatus as a TCP and SSL proxy for the server.

Claim 14 (Original): The apparatus of claim 12 further including a load balancing engine to
direct application data between the at least one client and said one of said plurality of servers by
copying data from an SSL communications session established by the SSL communications
engine to a server TCP session established by the server TCP communications engine.

Claim 15 (Original): The apparatus of claim 12 wherein the encryption and decryption engine
decrypts encrypted packet data to produce application data.

Claim 16 (Original): The apparatus of claim 12 further including a session tracking database 
having at least one record per communication session between the client and server. 

Claim 17 (Original): The apparatus of claim 16 wherein said at least one record includes a TCP 
sequence number and an SSL sequence number. 

Claim 18 (Original): The apparatus of claim 16 further including a recovery manager using said
database to recover from communication errors. 

Claim 19 (Original): The apparatus of claim 12 wherein the packet data encryption and 
decryption engine decrypts packets from SSL data which spans over multiple TCP segments and 
forwards packet data to a server which is not authenticated. 

Claim 20 (Currently Amended): The apparatus of claim 1249 wherein said data is not 
buffered during decryption. 

Claim 21 (Currently Amended): The apparatus of claim 1249 wherein said data is buffered 
for a length sufficient to complete a block cipher used to encrypt the data. 

Claim 22 (Currently Amended): The apparatus of claim 1230 a

wherein said packet data encryption and decryption engine includes an authentication
process which authenticates the decrypted data after a final segment of a multi-segment
encrypted data stream record is received, and

wherein the authentication process discards at least a portion of the data record and
authenticates decrypted data using the remaining portion of the data record after the final
segment is received.

Claim 23 (Currently Amended): A method of providing secure communications between a 
plurality of customer devices and an enterprise, comprising: 

providing a device enabled for secure communication with customer devices and having 
an IP address of the enterprise; 

receiving with an intermediate device communications directed to the enterprise in secure
protocol;

decrypting data packets of the secure protocol to provide decrypted packet data at the
packet-level of a network stack of the intermediate device;

bypassing an application layer of the network stack of the intermediate device and
forwarding the decrypted packet data from the intermediate device to at least one server of the
enterprise without processing the decrypted packet data with the application layer;

receiving application data from a secure server of the enterprise; 

encrypting the application data received from the enterprise; and 

forwarding encrypted application data to the customer. 

Claim 24 (Original): The method of claim 23 wherein the secure communication is SSL 
protocol encrypted application data. 

Claim 25 (Original): The method of claim 23 wherein said step of receiving comprises the sub 
steps of initiating a communications session with the enterprise and negotiating a secure 
communication session with the device.

Claim 26 (Original): The method of claim 23 further including the step of negotiating an open
communications session with said at least one server of the enterprise and wherein said step of
forwarding includes forwarding decrypted data via the open communications session.

Claim 27 (Original): The method of claim 23 wherein said step of receiving communications 
includes receiving a plurality of secure communication sessions from a plurality of customers. 

Claim 28 (Original): The method of claim 27 further including a step of selecting one of a 
plurality of enterprise servers to which to direct data in said step of forwarding said decrypted 
packet data. 

Claim 29 (Original): The method of claim 28 further including the step of tracking each 
communications session between each of said plurality of customers and an associated one of 
said plurality of enterprise servers.

Claim 30 (Currently Amended): A method for secure communications between a client and 
one of a plurality of servers performed on an intermediary device coupled to the client and said 
plurality of servers, comprising: 

(a) establishing an open communications session between the intermediary device
and the client device via an open network;

(b) negotiating a secure communications session between the intermediary device and
the client;

(c) establishing an open communications session between the intermediary device
and said one of said plurality of servers via a secure network;

(d) receiving encrypted data from the client via the secure communications session;

(e) decrypting encrypted application data;

(f) bypassing an application layer of a network stack of the intermediate device and
forwarding decrypted application data from the intermediate device to the server via the secure
network without processing the decrypted packet data with the application layer;

(g) receiving application data from the server via the secure network;

(h) encrypting the application data;

(i) sending encrypted application data to the client;

(j) detecting a communications anomaly in a communications session between 
client and the intermediary device; and 

(k) passing TCP data from through the intermediary device. 